Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:21 AM
Dark Reading
Dark Reading
Products and Releases

NSS Labs Reveals Browsers' Anti-Phishing Progress And Phishers' New Tactics

Examined four leading browsers -- Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox

AUSTIN, TX--(Nov 28, 2012) - NSS Labs today released the latest results and analysis from its web browser security comparative series which evaluated the phishing protection offered by the four leading browsers -- Apple Safari, Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox. During the 10-day test period, the average phishing URL catch rate ranged from 90% for Firefox 15 to 94% for Chrome 21 -- a significant improvement from 2009 testing where the average block rate was 46%. The average time it took the tested browsers to block a phishing URL also improved to 4.87 hours versus 16.43 hours in 2009 tests.

These test results show that web browsers, an important first line of defense, have improved their ability to detect and block malicious phishing sites sufficiently promoted through fraudulent messages to be more quickly logged in reputation-based systems updating browsers' blocking features. As a result, attackers must create and rotate phishing URLs far more frequently in order for them to be effective. Browsers' reputation-based defenses, as a rule, offer less protection from more narrowly targeted phishing attacks, such as those aimed at government and financial services organizations and likely launched selectively in an effort to evade reputation system recognition.

View the NSS Labs 2012 Browser Security Comparative Analysis Report - Phishing Protection.

Key browser security test conclusions for phishing protection include:

The number of malicious, phishing-linked URLs is growing significantly: Phishing continues to be one of the top attack vectors used by cybercriminals to gain access to systems and sensitive data. While the number of reported phishing attacks peaked in 2009, the average number of phishing sites detected has been on the rise from under 40,000 per month in 2011 to over 50,000 per month in 2012. Seconds count in the war on phishing: The new challenge for web browsers is to quicken blocking response times. With phishing sites now rotating at a much faster pace, it is critical for browsers to identify and block sites more rapidly. The average uptime for sites linked to phishing attacks in 2012 is around 23 hours; down from a high of 73 hours in 2010. The zero-hour block rates for the browsers tested against brand new malicious URLs ranged from Chrome 21 at 53.2% to Safari 5 at 79.2%. Firefox 15 had the fastest average block time at 2.35 hours, while all other browsers ranged from 5.38 to 6.11 hours. While all the browsers blocked over 83% of the phishing URLs used in testing by end of day one; it took 3 - 5 days for each to reach its maximum block rate. Phishing protection is just one of many browser security factors to consider: While all browsers average above a 90% block rate for phishing, end-users and enterprises should also take protection against other threats -- such as malware and drive-by downloads -- into consideration when selecting a browser. Although Firefox and Safari performed well in phishing response times, separate NSS Labs testing shows they lag behind Internet Explorer and Chrome in blocking socially-engineered malware. In overall malware testing, Internet Explorer blocked over 99.1% of malicious downloads, while Chrome was a distant second blocking only 70.4%, followed by both Firefox and Safari blocking less than 6%. Results of all previous browser security tests performed by NSS Labs can be found online at www.nsslabs.com.

Commentary: NSS Labs Research Director Randy Abrams "Phishing has been a pernicious threat for several years and the variety of measures designed to mitigate the problem have yet to decrease the prevalence of such attacks. Recent advances in reputation-based blocking systems are reaching maturity and now afford consumers and enterprises significant protections against the less sophisticated attacks," said Randy Abrams, Research Director at NSS Labs. "Still, the availability of cheap and disposable domains allow criminals to rapidly change the location of phishing sites. The result is that even a site that is live for only a few hours can evade detection and ensnare enough unwary consumers to be a profitable criminal endeavor. Sophisticated spearphishing campaigns continue to be highly problematic to defend against. It is important that developers harden browsers to block not only phishing attacks, but also other threats, such as socially engineered malware and drive-by downloads as these remain popular and effective attack vectors for cybercriminals."

The products covered in this test were:

Apple Safari 5 Google Chrome 21 Microsoft Internet Explorer 10 Mozilla Firefox 15

About NSS Labs, Inc. NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. Founded in 1991, the company is located in Austin, Texas. For more information, visit www.nsslabs.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-08-03
Dell PowerScale OneFS versions 8.1.0-9.1.0 contain an Incorrect User Management vulnerability.under some specific conditions, this can allow the CompAdmin user to elevate privileges and break out of Compliance mode. This is a critical vulnerability and Dell recommends upgrading at the earliest.
PUBLISHED: 2021-08-03
Dell EMC PowerScale OneFS contains an untrusted search path vulnerability. This vulnerability allows a user with (ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE) and (ISI_PRIV_SYS_UPGRADE or ISI_PRIV_AUDIT) to provide an untrusted path which can lead to run resources that are not under the application...
PUBLISHED: 2021-08-03
Dell EMC PowerScale OneFS versions 8.1.2-9.1.0.x contain an Improper Check for Unusual or Exceptional Conditions in its auditing component.This can lead to an authenticated user with low-privileges to trigger a denial of service event.
PUBLISHED: 2021-08-03
Dell PowerScale OneFS versions and earlier contain a denial of service vulnerability. SmartConnect had an error condition that may be triggered to loop, using CPU and potentially preventing other SmartConnect DNS responses.
PUBLISHED: 2021-08-03
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3.